Mobile-Related Threats by Avast for Q1/2022 (Adware, Bankers, PremiumSMS, Ransomware)
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/

Samsung Flow - Any App Can Read The External Storage CVE-2022-28775
A rogue application could use this issue to read contents on the device's external storage without requiring the proper Android permissions
https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/

Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776
This new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/

Warning: GRIM and Magnus Android Botnets are Underground
https://www.fortinet.com/blog/threat-research/grim-magnus-android-botnets

Mobile subnoscription Trojans and their little tricks
https://securelist.com/mobile-subnoscription-trojans-and-their-tricks/106412/

The noscript to install important Android Pentesting tools & configure genymotion emulator automatically with tools
https://xenion0.github.io/xenion/posts/Android-install/

Reversing an Android sample which uses Flutter
https://cryptax.medium.com/reversing-an-android-sample-which-uses-flutter-23c3ff04b847

Google Play Store App with 10,000+ Served Android Teabot/Anatsa Banking Trojan
https://labs.k7computing.com/index.php/play-store-app-serves-teabot-via-github/

0-day ACE discovered in iOS/macOS that has been actively exploited in-the-wild found in AppleAVD that was patched in March - CVE-2022-22675
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-22675.html

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html

A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned
https://www.usenix.org/conference/usenixsecurity22/presentation/shen

When Wireless Malware Stays On After Turning Off iPhones
demo: https://youtu.be/KrqTHd5oqVw
paper: https://arxiv.org/pdf/2205.06114.pdf

Vulnerability in Huawei's AppGallery can download paid apps for free
https://evowizz.dev/blog/huawei-appgallery-vulnerability

Comparing root detection on banking apps with latest version of Magisk
https://markuta.com/magisk-root-detection-banking-apps/

Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/

Protecting Android users from 0-Day attacks

Denoscription of 3 campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website.

Compromise flow:
website redirect -> deliver browser exploit -> load ALIEN malware -> load PREDATOR payload
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

Android security checklist: theft of arbitrary files
https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/

Weaponizing dirtypipe vulnerability on Android
https://docs.google.com/presentation/d/1Tq00gy1GtiK0OvNYOy_kCz0er9ZECBXGoy5Lfy5MD3M/mobilepresent#slide=id.p

Anti-Frida - Techniques to Detect Frida
https://github.com/apkunpacker/Anti-Frida

New version of Android banking trojan ERMAC 2.0 is available on the underground market and already has an active campaign https://blog.cyble.com/2022/05/25/ermac-back-in-action/

Notification implicit PendingIntent in Android NextCloud app allows to access contacts (CVE-2022-24886) https://hackerone.com/reports/1161401